ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Infected PHP PEAR reverse shell

    Scheduled Pinned Locked Moved IT Discussion
    phppearsecurity
    1 Posts 1 Posters 443 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Emad RE
      Emad R
      last edited by Emad R

      If you installed PEAR PHP in the last 6 months, you may be infected
      https://www.zdnet.com/article/mystery-still-surrounds-hack-of-php-pear-website/
      IT seems if you installed from default repos, your safe, but using site version your not
      PEAR developers promised a more detailed incident post-mortem when this operation concludes.

      In the meantime, earlier today, the PHP PEAR team also released PEAR v1.10.10, a new PEAR release, which is identical with the previous release v1.10.9, but which the PHP PEAR team uploaded on GitHub to give it a new timestamp and signal that it's a clean version that webmasters can install without fear of downloading a potentially backdoored release

      UPDATE, January 23: In a series of tweets following the publication of this article, the PEAR team has published more details about its recent security breach. The tweets are embedded below:

      In addition, the team at DCSO has also analyzed the malicious backdoor, and confirmed the findings of the PEAR team that it drops a reverse shell on infected hosts, allowing attackers to connect to web servers running a tainted PEAR package.

      https://www.virustotal.com/#/file/f74c4406c53e5b0187b8b1cfeb5b74f88ac9294acca29bdba8bd11371b2245e8/detection

      Guys I need to be able to download this infected PHP pear how to do so ?? I need to test security scanners for linux

      1 Reply Last reply Reply Quote 2
      • 1 / 1
      • First post
        Last post